xref: /netbsd-src/crypto/dist/ipsec-tools/src/racoon/cftoken.l (revision 50728e7823a76d5bd1a7bfa3a4eac400269b1339) 
1 /*	$NetBSD: cftoken.l,v 1.19 2009/01/05 06:03:58 tteras Exp $	*/
2 
3 /* Id: cftoken.l,v 1.53 2006/08/22 18:17:17 manubsd Exp */
4 
5 %{
6 /*
7  * Copyright (C) 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002 and 2003 WIDE Project.
8  * All rights reserved.
9  *
10  * Redistribution and use in source and binary forms, with or without
11  * modification, are permitted provided that the following conditions
12  * are met:
13  * 1. Redistributions of source code must retain the above copyright
14  *    notice, this list of conditions and the following disclaimer.
15  * 2. Redistributions in binary form must reproduce the above copyright
16  *    notice, this list of conditions and the following disclaimer in the
17  *    documentation and/or other materials provided with the distribution.
18  * 3. Neither the name of the project nor the names of its contributors
19  *    may be used to endorse or promote products derived from this software
20  *    without specific prior written permission.
21  *
22  * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
23  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
24  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
25  * ARE DISCLAIMED.  IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
26  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
27  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
28  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
29  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
30  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
31  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
32  * SUCH DAMAGE.
33  */
34 
35 #include "config.h"
36 
37 #include <sys/types.h>
38 #include <sys/param.h>
39 #include <sys/socket.h>
40 
41 #include <netinet/in.h>
42 #include PATH_IPSEC_H
43 
44 #include <stdlib.h>
45 #include <stdio.h>
46 #include <string.h>
47 #include <errno.h>
48 #include <limits.h>
49 #include <ctype.h>
50 #include <glob.h>
51 #ifdef HAVE_STDARG_H
52 #include <stdarg.h>
53 #else
54 #include <varargs.h>
55 #endif
56 
57 #include "var.h"
58 #include "misc.h"
59 #include "vmbuf.h"
60 #include "plog.h"
61 #include "debug.h"
62 
63 #include "algorithm.h"
64 #include "cfparse_proto.h"
65 #include "cftoken_proto.h"
66 #include "localconf.h"
67 #include "oakley.h"
68 #include "isakmp_var.h"
69 #include "isakmp.h"
70 #include "ipsec_doi.h"
71 #include "policy.h"
72 #include "proposal.h"
73 #include "remoteconf.h"
74 #ifdef GC
75 #include "gcmalloc.h"
76 #endif
77 
78 #include "cfparse.h"
79 
80 int yyerrorcount = 0;
81 
82 #if defined(YIPS_DEBUG)
83 #  define YYDB plog(LLV_DEBUG2, LOCATION, NULL,                                \
84 		"begin <%d>%s\n", yy_start, yytext);
85 #  define YYD {                                                                \
86 	plog(LLV_DEBUG2, LOCATION, NULL, "<%d>%s",                             \
87 	    yy_start, loglevel >= LLV_DEBUG2 ? "\n" : "");                     \
88 }
89 #else
90 #  define YYDB
91 #  define YYD
92 #endif /* defined(YIPS_DEBUG) */
93 
94 #define MAX_INCLUDE_DEPTH 10
95 
96 static struct include_stack {
97 	char *path;
98 	FILE *fp;
99 	YY_BUFFER_STATE prevstate;
100 	int lineno;
101 	glob_t matches;
102 	int matchon;
103 } incstack[MAX_INCLUDE_DEPTH];
104 static int incstackp = 0;
105 
106 static int yy_first_time = 1;
107 %}
108 
109 /* common seciton */
110 nl		\n
111 ws		[ \t]+
112 digit		[0-9]
113 letter		[A-Za-z]
114 hexdigit	[0-9A-Fa-f]
115 /*octet		(([01]?{digit}?{digit})|((2([0-4]{digit}))|(25[0-5]))) */
116 special		[()+\|\?\*]
117 comma		\,
118 dot		\.
119 slash		\/
120 bcl		\{
121 ecl		\}
122 blcl		\[
123 elcl		\]
124 hyphen          \-
125 percent		\%
126 semi		\;
127 comment		\#.*
128 ccomment	"/*"
129 bracketstring	\<[^>]*\>
130 quotedstring	\"[^"]*\"
131 addrstring	[a-fA-F0-9:]([a-fA-F0-9:\.]*|[a-fA-F0-9:\.]*%[a-zA-Z0-9]*)
132 decstring	{digit}+
133 hexstring	0x{hexdigit}+
134 
135 %s S_INI S_PRIV S_PTH S_LOG S_PAD S_LST S_RTRY S_CFG S_LDAP S_RAD
136 %s S_ALGST S_ALGCL
137 %s S_SAINF S_SAINFS
138 %s S_RMT S_RMTS S_RMTP
139 %s S_SA
140 %s S_GSSENC
141 
142 %%
143 %{
144 	if (yy_first_time) {
145 		BEGIN S_INI;
146 		yy_first_time = 0;
147 	}
148 %}
149 
150 	/* privsep */
151 <S_INI>privsep		{ BEGIN S_PRIV; YYDB; return(PRIVSEP); }
152 <S_PRIV>{bcl}		{ return(BOC); }
153 <S_PRIV>user		{ YYD; return(USER); }
154 <S_PRIV>group		{ YYD; return(GROUP); }
155 <S_PRIV>chroot		{ YYD; return(CHROOT); }
156 <S_PRIV>{ecl}		{ BEGIN S_INI; return(EOC); }
157 
158 	/* path */
159 <S_INI>path		{ BEGIN S_PTH; YYDB; return(PATH); }
160 <S_PTH>include		{ YYD; yylval.num = LC_PATHTYPE_INCLUDE;
161 				return(PATHTYPE); }
162 <S_PTH>pre_shared_key	{ YYD; yylval.num = LC_PATHTYPE_PSK;
163 				return(PATHTYPE); }
164 <S_PTH>certificate	{ YYD; yylval.num = LC_PATHTYPE_CERT;
165 				return(PATHTYPE); }
166 <S_PTH>script		{ YYD; yylval.num = LC_PATHTYPE_SCRIPT;
167 				return(PATHTYPE); }
168 <S_PTH>backupsa		{ YYD; yylval.num = LC_PATHTYPE_BACKUPSA;
169 				return(PATHTYPE); }
170 <S_PTH>pidfile		{ YYD; yylval.num = LC_PATHTYPE_PIDFILE;
171 				return(PATHTYPE); }
172 <S_PTH>{semi}		{ BEGIN S_INI; YYDB; return(EOS); }
173 
174 	/* include */
175 <S_INI>include		{ YYDB; return(INCLUDE); }
176 
177     /* pfkey_buffer */
178 <S_INI>pfkey_buffer { YYDB; return(PFKEY_BUFFER); }
179 
180 	/* special */
181 <S_INI>complex_bundle	{ YYDB; return(COMPLEX_BUNDLE); }
182 
183 	/* logging */
184 <S_INI>log		{ BEGIN S_LOG; YYDB; return(LOGGING); }
185 <S_LOG>error		{ YYD; yylval.num = LLV_ERROR; return(LOGLEV); }
186 <S_LOG>warning		{ YYD; yylval.num = LLV_WARNING; return(LOGLEV); }
187 <S_LOG>notify		{ YYD; yylval.num = LLV_NOTIFY; return(LOGLEV); }
188 <S_LOG>info		{ YYD; yylval.num = LLV_INFO; return(LOGLEV); }
189 <S_LOG>debug		{ YYD; yylval.num = LLV_DEBUG; return(LOGLEV); }
190 <S_LOG>debug2		{ YYD; yylval.num = LLV_DEBUG2; return(LOGLEV); }
191 <S_LOG>{semi}		{ BEGIN S_INI; return(EOS); }
192 
193 	/* padding */
194 <S_INI>padding		{ BEGIN S_PAD; YYDB; return(PADDING); }
195 <S_PAD>{bcl}		{ return(BOC); }
196 <S_PAD>randomize	{ YYD; return(PAD_RANDOMIZE); }
197 <S_PAD>randomize_length	{ YYD; return(PAD_RANDOMIZELEN); }
198 <S_PAD>maximum_length	{ YYD; return(PAD_MAXLEN); }
199 <S_PAD>strict_check	{ YYD; return(PAD_STRICT); }
200 <S_PAD>exclusive_tail	{ YYD; return(PAD_EXCLTAIL); }
201 <S_PAD>{ecl}		{ BEGIN S_INI; return(EOC); }
202 
203 	/* listen */
204 <S_INI>listen		{ BEGIN S_LST; YYDB; return(LISTEN); }
205 <S_LST>{bcl}		{ return(BOC); }
206 <S_LST>isakmp		{ YYD; return(X_ISAKMP); }
207 <S_LST>isakmp_natt	{ YYD; return(X_ISAKMP_NATT); }
208 <S_LST>admin		{ YYD; return(X_ADMIN); }
209 <S_LST>adminsock	{ YYD; return(ADMINSOCK); }
210 <S_LST>disabled		{ YYD; return(DISABLED); }
211 <S_LST>strict_address	{ YYD; return(STRICT_ADDRESS); }
212 <S_LST>{ecl}		{ BEGIN S_INI; return(EOC); }
213 
214 	/* radius config */
215 <S_INI>radiuscfg	{ BEGIN S_RAD; YYDB; return(RADCFG); }
216 <S_RAD>{bcl}		{ return(BOC); }
217 <S_RAD>auth		{ YYD; return(RAD_AUTH); }
218 <S_RAD>acct		{ YYD; return(RAD_ACCT); }
219 <S_RAD>timeout		{ YYD; return(RAD_TIMEOUT); }
220 <S_RAD>retries		{ YYD; return(RAD_RETRIES); }
221 <S_RAD>{ecl}		{ BEGIN S_INI; return(EOC); }
222 
223 	/* ldap config */
224 <S_INI>ldapcfg		{ BEGIN S_LDAP; YYDB; return(LDAPCFG); }
225 <S_LDAP>{bcl}		{ return(BOC); }
226 <S_LDAP>version		{ YYD; return(LDAP_PVER); }
227 <S_LDAP>host		{ YYD; return(LDAP_HOST); }
228 <S_LDAP>port		{ YYD; return(LDAP_PORT); }
229 <S_LDAP>base		{ YYD; return(LDAP_BASE); }
230 <S_LDAP>subtree		{ YYD; return(LDAP_SUBTREE); }
231 <S_LDAP>bind_dn		{ YYD; return(LDAP_BIND_DN); }
232 <S_LDAP>bind_pw		{ YYD; return(LDAP_BIND_PW); }
233 <S_LDAP>attr_user	{ YYD; return(LDAP_ATTR_USER); }
234 <S_LDAP>attr_addr	{ YYD; return(LDAP_ATTR_ADDR); }
235 <S_LDAP>attr_mask	{ YYD; return(LDAP_ATTR_MASK); }
236 <S_LDAP>attr_group	{ YYD; return(LDAP_ATTR_GROUP); }
237 <S_LDAP>attr_member	{ YYD; return(LDAP_ATTR_MEMBER); }
238 <S_LDAP>{ecl}		{ BEGIN S_INI; return(EOC); }
239 
240 	/* mode_cfg */
241 <S_INI>mode_cfg		{ BEGIN S_CFG; YYDB; return(MODECFG); }
242 <S_CFG>{bcl}		{ return(BOC); }
243 <S_CFG>network4		{ YYD; return(CFG_NET4); }
244 <S_CFG>netmask4		{ YYD; return(CFG_MASK4); }
245 <S_CFG>dns4		{ YYD; return(CFG_DNS4); }
246 <S_CFG>nbns4		{ YYD; return(CFG_NBNS4); }
247 <S_CFG>wins4		{ YYD; return(CFG_NBNS4); }
248 <S_CFG>default_domain	{ YYD; return(CFG_DEFAULT_DOMAIN); }
249 <S_CFG>auth_source	{ YYD; return(CFG_AUTH_SOURCE); }
250 <S_CFG>auth_groups	{ YYD; return(CFG_AUTH_GROUPS); }
251 <S_CFG>group_source	{ YYD; return(CFG_GROUP_SOURCE); }
252 <S_CFG>conf_source	{ YYD; return(CFG_CONF_SOURCE); }
253 <S_CFG>accounting	{ YYD; return(CFG_ACCOUNTING); }
254 <S_CFG>system		{ YYD; return(CFG_SYSTEM); }
255 <S_CFG>local		{ YYD; return(CFG_LOCAL); }
256 <S_CFG>none		{ YYD; return(CFG_NONE); }
257 <S_CFG>radius		{ YYD; return(CFG_RADIUS); }
258 <S_CFG>pam		{ YYD; return(CFG_PAM); }
259 <S_CFG>ldap		{ YYD; return(CFG_LDAP); }
260 <S_CFG>pool_size	{ YYD; return(CFG_POOL_SIZE); }
261 <S_CFG>banner		{ YYD; return(CFG_MOTD); }
262 <S_CFG>auth_throttle	{ YYD; return(CFG_AUTH_THROTTLE); }
263 <S_CFG>split_network	{ YYD; return(CFG_SPLIT_NETWORK); }
264 <S_CFG>local_lan	{ YYD; return(CFG_SPLIT_LOCAL); }
265 <S_CFG>include		{ YYD; return(CFG_SPLIT_INCLUDE); }
266 <S_CFG>split_dns	{ YYD; return(CFG_SPLIT_DNS); }
267 <S_CFG>pfs_group	{ YYD; return(CFG_PFS_GROUP); }
268 <S_CFG>save_passwd	{ YYD; return(CFG_SAVE_PASSWD); }
269 <S_CFG>{comma}		{ YYD; return(COMMA); }
270 <S_CFG>{ecl}		{ BEGIN S_INI; return(EOC); }
271 
272 	/* timer */
273 <S_INI>timer		{ BEGIN S_RTRY; YYDB; return(RETRY); }
274 <S_RTRY>{bcl}		{ return(BOC); }
275 <S_RTRY>counter		{ YYD; return(RETRY_COUNTER); }
276 <S_RTRY>interval	{ YYD; return(RETRY_INTERVAL); }
277 <S_RTRY>persend		{ YYD; return(RETRY_PERSEND); }
278 <S_RTRY>phase1		{ YYD; return(RETRY_PHASE1); }
279 <S_RTRY>phase2		{ YYD; return(RETRY_PHASE2); }
280 <S_RTRY>natt_keepalive	{ YYD; return(NATT_KA); }
281 <S_RTRY>{ecl}		{ BEGIN S_INI; return(EOC); }
282 
283 	/* sainfo */
284 <S_INI>sainfo		{ BEGIN S_SAINF; YYDB; return(SAINFO); }
285 <S_SAINF>anonymous	{ YYD; return(ANONYMOUS); }
286 <S_SAINF>clientaddr	{ YYD; return(CLIENTADDR); }
287 <S_SAINF>{blcl}any{elcl}	{ YYD; return(PORTANY); }
288 <S_SAINF>any		{ YYD; return(ANY); }
289 <S_SAINF>from		{ YYD; return(FROM); }
290 <S_SAINF>group		{ YYD; return(GROUP); }
291 	/* sainfo spec */
292 <S_SAINF>{bcl}		{ BEGIN S_SAINFS; return(BOC); }
293 <S_SAINF>{semi}		{ BEGIN S_INI; return(EOS); }
294 <S_SAINFS>{ecl}		{ BEGIN S_INI; return(EOC); }
295 <S_SAINFS>pfs_group	{ YYD; return(PFS_GROUP); }
296 <S_SAINFS>remoteid	{ YYD; return(REMOTEID); }
297 <S_SAINFS>my_identifier	{ YYD; return(MY_IDENTIFIER); }
298 <S_SAINFS>lifetime	{ YYD; return(LIFETIME); }
299 <S_SAINFS>time		{ YYD; return(LIFETYPE_TIME); }
300 <S_SAINFS>byte		{ YYD; return(LIFETYPE_BYTE); }
301 <S_SAINFS>encryption_algorithm { YYD; yylval.num = algclass_ipsec_enc; return(ALGORITHM_CLASS); }
302 <S_SAINFS>authentication_algorithm { YYD; yylval.num = algclass_ipsec_auth; return(ALGORITHM_CLASS); }
303 <S_SAINFS>compression_algorithm	{ YYD; yylval.num = algclass_ipsec_comp; return(ALGORITHM_CLASS); }
304 <S_SAINFS>{comma}	{ YYD; return(COMMA); }
305 
306 	/* remote */
307 <S_INI>remote		{ BEGIN S_RMT; YYDB; return(REMOTE); }
308 <S_RMT>anonymous	{ YYD; return(ANONYMOUS); }
309 <S_RMT>inherit		{ YYD; return(INHERIT); }
310 	/* remote spec */
311 <S_RMT>{bcl}		{ BEGIN S_RMTS; return(BOC); }
312 <S_RMTS>{ecl}		{ BEGIN S_INI; return(EOC); }
313 <S_RMTS>exchange_mode	{ YYD; return(EXCHANGE_MODE); }
314 <S_RMTS>{comma}		{ YYD; /* XXX ignored, but to be handled. */ ; }
315 <S_RMTS>base		{ YYD; yylval.num = ISAKMP_ETYPE_BASE; return(EXCHANGETYPE); }
316 <S_RMTS>main		{ YYD; yylval.num = ISAKMP_ETYPE_IDENT; return(EXCHANGETYPE); }
317 <S_RMTS>aggressive	{ YYD; yylval.num = ISAKMP_ETYPE_AGG; return(EXCHANGETYPE); }
318 <S_RMTS>doi		{ YYD; return(DOI); }
319 <S_RMTS>ipsec_doi	{ YYD; yylval.num = IPSEC_DOI; return(DOITYPE); }
320 <S_RMTS>situation	{ YYD; return(SITUATION); }
321 <S_RMTS>identity_only	{ YYD; yylval.num = IPSECDOI_SIT_IDENTITY_ONLY; return(SITUATIONTYPE); }
322 <S_RMTS>secrecy		{ YYD; yylval.num = IPSECDOI_SIT_SECRECY; return(SITUATIONTYPE); }
323 <S_RMTS>integrity	{ YYD; yylval.num = IPSECDOI_SIT_INTEGRITY; return(SITUATIONTYPE); }
324 <S_RMTS>my_identifier	{ YYD; return(MY_IDENTIFIER); }
325 <S_RMTS>xauth_login	{ YYD; return(XAUTH_LOGIN); /* formerly identifier type login */ }
326 <S_RMTS>peers_identifier	{ YYD; return(PEERS_IDENTIFIER); }
327 <S_RMTS>verify_identifier	{ YYD; return(VERIFY_IDENTIFIER); }
328 <S_RMTS>certificate_type	{ YYD; return(CERTIFICATE_TYPE); }
329 <S_RMTS>ca_type		{ YYD; return(CA_TYPE); }
330 <S_RMTS>x509		{ YYD; yylval.num = ISAKMP_CERT_X509SIGN; return(CERT_X509); }
331 <S_RMTS>plain_rsa	{ YYD; yylval.num = ISAKMP_CERT_PLAINRSA; return(CERT_PLAINRSA); }
332 <S_RMTS>peers_certfile	{ YYD; return(PEERS_CERTFILE); }
333 <S_RMTS>dnssec		{ YYD; return(DNSSEC); }
334 <S_RMTS>verify_cert	{ YYD; return(VERIFY_CERT); }
335 <S_RMTS>send_cert	{ YYD; return(SEND_CERT); }
336 <S_RMTS>send_cr		{ YYD; return(SEND_CR); }
337 <S_RMTS>dh_group	{ YYD; return(DH_GROUP); }
338 <S_RMTS>nonce_size	{ YYD; return(NONCE_SIZE); }
339 <S_RMTS>generate_policy	{ YYD; return(GENERATE_POLICY); }
340 <S_RMTS>unique		{ YYD; yylval.num = GENERATE_POLICY_UNIQUE; return(GENERATE_LEVEL); }
341 <S_RMTS>require		{ YYD; yylval.num = GENERATE_POLICY_REQUIRE; return(GENERATE_LEVEL); }
342 <S_RMTS>support_proxy	{ YYD; return(SUPPORT_PROXY); }
343 <S_RMTS>initial_contact	{ YYD; return(INITIAL_CONTACT); }
344 <S_RMTS>nat_traversal	{ YYD; return(NAT_TRAVERSAL); }
345 <S_RMTS>force		{ YYD; return(REMOTE_FORCE_LEVEL); }
346 <S_RMTS>proposal_check	{ YYD; return(PROPOSAL_CHECK); }
347 <S_RMTS>obey		{ YYD; yylval.num = PROP_CHECK_OBEY; return(PROPOSAL_CHECK_LEVEL); }
348 <S_RMTS>strict		{ YYD; yylval.num = PROP_CHECK_STRICT; return(PROPOSAL_CHECK_LEVEL); }
349 <S_RMTS>exact		{ YYD; yylval.num = PROP_CHECK_EXACT; return(PROPOSAL_CHECK_LEVEL); }
350 <S_RMTS>claim		{ YYD; yylval.num = PROP_CHECK_CLAIM; return(PROPOSAL_CHECK_LEVEL); }
351 <S_RMTS>keepalive	{ YYD; return(KEEPALIVE); }
352 <S_RMTS>passive		{ YYD; return(PASSIVE); }
353 <S_RMTS>lifetime	{ YYD; return(LIFETIME); }
354 <S_RMTS>time		{ YYD; return(LIFETYPE_TIME); }
355 <S_RMTS>byte		{ YYD; return(LIFETYPE_BYTE); }
356 <S_RMTS>dpd			{ YYD; return(DPD); }
357 <S_RMTS>dpd_delay	{ YYD; return(DPD_DELAY); }
358 <S_RMTS>dpd_retry	{ YYD; return(DPD_RETRY); }
359 <S_RMTS>dpd_maxfail	{ YYD; return(DPD_MAXFAIL); }
360 <S_RMTS>ph1id		{ YYD; return(PH1ID); }
361 <S_RMTS>ike_frag	{ YYD; return(IKE_FRAG); }
362 <S_RMTS>esp_frag	{ YYD; return(ESP_FRAG); }
363 <S_RMTS>script		{ YYD; return(SCRIPT); }
364 <S_RMTS>phase1_up	{ YYD; return(PHASE1_UP); }
365 <S_RMTS>phase1_down	{ YYD; return(PHASE1_DOWN); }
366 <S_RMTS>mode_cfg	{ YYD; return(MODE_CFG); }
367 <S_RMTS>weak_phase1_check { YYD; return(WEAK_PHASE1_CHECK); }
368 <S_RMTS>rekey		{ YYD; return(REKEY); }
369 	/* remote proposal */
370 <S_RMTS>proposal	{ BEGIN S_RMTP; YYDB; return(PROPOSAL); }
371 <S_RMTP>{bcl}		{ return(BOC); }
372 <S_RMTP>{ecl}		{ BEGIN S_RMTS; return(EOC); }
373 <S_RMTP>lifetime	{ YYD; return(LIFETIME); }
374 <S_RMTP>time		{ YYD; return(LIFETYPE_TIME); }
375 <S_RMTP>byte		{ YYD; return(LIFETYPE_BYTE); }
376 <S_RMTP>encryption_algorithm { YYD; yylval.num = algclass_isakmp_enc; return(ALGORITHM_CLASS); }
377 <S_RMTP>authentication_method { YYD; yylval.num = algclass_isakmp_ameth; return(ALGORITHM_CLASS); }
378 <S_RMTP>hash_algorithm	{ YYD; yylval.num = algclass_isakmp_hash; return(ALGORITHM_CLASS); }
379 <S_RMTP>dh_group	{ YYD; return(DH_GROUP); }
380 <S_RMTP>gss_id		{ YYD; return(GSS_ID); }
381 <S_RMTP>gssapi_id	{ YYD; return(GSS_ID); } /* for back compatibility */
382 
383 	/* GSS ID encoding type (global) */
384 <S_INI>gss_id_enc	{ BEGIN S_GSSENC; YYDB; return(GSS_ID_ENC); }
385 <S_GSSENC>latin1	{ YYD; yylval.num = LC_GSSENC_LATIN1;
386 				return(GSS_ID_ENCTYPE); }
387 <S_GSSENC>utf-16le	{ YYD; yylval.num = LC_GSSENC_UTF16LE;
388 				return(GSS_ID_ENCTYPE); }
389 <S_GSSENC>{semi}	{ BEGIN S_INI; YYDB; return(EOS); }
390 
391 	/* parameter */
392 on		{ YYD; yylval.num = TRUE; return(SWITCH); }
393 off		{ YYD; yylval.num = FALSE; return(SWITCH); }
394 
395 	/* prefix */
396 {slash}{digit}{1,3} {
397 			YYD;
398 			yytext++;
399 			yylval.num = atoi(yytext);
400 			return(PREFIX);
401 		}
402 
403 	/* port number */
404 {blcl}{decstring}{elcl}	{
405 			char *p = yytext;
406 			YYD;
407 			while (*++p != ']') ;
408 			*p = 0;
409 			yytext++;
410 			yylval.num = atoi(yytext);
411 			return(PORT);
412 		}
413 
414 	/* address range */
415 {hyphen}{addrstring} {
416                         YYD;
417                         yytext++;
418 			yylval.val = vmalloc(yyleng + 1);
419 			if (yylval.val == NULL) {
420 				yyerror("vmalloc failed");
421 				return -1;
422 			}
423 			memcpy(yylval.val->v, yytext, yylval.val->l);
424                         return(ADDRRANGE);
425                 }
426 
427 	/* upper protocol */
428 esp		{ YYD; yylval.num = IPPROTO_ESP; return(UL_PROTO); }
429 ah		{ YYD; yylval.num = IPPROTO_AH; return(UL_PROTO); }
430 ipcomp		{ YYD; yylval.num = IPPROTO_IPCOMP; return(UL_PROTO); }
431 icmp		{ YYD; yylval.num = IPPROTO_ICMP; return(UL_PROTO); }
432 icmp6		{ YYD; yylval.num = IPPROTO_ICMPV6; return(UL_PROTO); }
433 tcp		{ YYD; yylval.num = IPPROTO_TCP; return(UL_PROTO); }
434 udp		{ YYD; yylval.num = IPPROTO_UDP; return(UL_PROTO); }
435 gre		{ YYD; yylval.num = IPPROTO_GRE; return(UL_PROTO); }
436 
437 	/* algorithm type */
438 des_iv64	{ YYD; yylval.num = algtype_des_iv64;	return(ALGORITHMTYPE); }
439 des		{ YYD; yylval.num = algtype_des;	return(ALGORITHMTYPE); }
440 3des		{ YYD; yylval.num = algtype_3des;	return(ALGORITHMTYPE); }
441 rc5		{ YYD; yylval.num = algtype_rc5;	return(ALGORITHMTYPE); }
442 idea 		{ YYD; yylval.num = algtype_idea;	return(ALGORITHMTYPE); }
443 cast128		{ YYD; yylval.num = algtype_cast128;	return(ALGORITHMTYPE); }
444 blowfish	{ YYD; yylval.num = algtype_blowfish;	return(ALGORITHMTYPE); }
445 3idea		{ YYD; yylval.num = algtype_3idea;	return(ALGORITHMTYPE); }
446 des_iv32	{ YYD; yylval.num = algtype_des_iv32;	return(ALGORITHMTYPE); }
447 rc4 		{ YYD; yylval.num = algtype_rc4;	return(ALGORITHMTYPE); }
448 null_enc	{ YYD; yylval.num = algtype_null_enc;	return(ALGORITHMTYPE); }
449 null		{ YYD; yylval.num = algtype_null_enc;	return(ALGORITHMTYPE); }
450 aes		{ YYD; yylval.num = algtype_aes;	return(ALGORITHMTYPE); }
451 rijndael	{ YYD; yylval.num = algtype_aes;	return(ALGORITHMTYPE); }
452 twofish		{ YYD; yylval.num = algtype_twofish;	return(ALGORITHMTYPE); }
453 camellia	{ YYD; yylval.num = algtype_camellia;	return(ALGORITHMTYPE); }
454 non_auth	{ YYD; yylval.num = algtype_non_auth;	return(ALGORITHMTYPE); }
455 hmac_md5	{ YYD; yylval.num = algtype_hmac_md5;	return(ALGORITHMTYPE); }
456 hmac_sha1	{ YYD; yylval.num = algtype_hmac_sha1;	return(ALGORITHMTYPE); }
457 hmac_sha2_256	{ YYD; yylval.num = algtype_hmac_sha2_256;	return(ALGORITHMTYPE); }
458 hmac_sha256	{ YYD; yylval.num = algtype_hmac_sha2_256;	return(ALGORITHMTYPE); }
459 hmac_sha2_384	{ YYD; yylval.num = algtype_hmac_sha2_384;	return(ALGORITHMTYPE); }
460 hmac_sha384	{ YYD; yylval.num = algtype_hmac_sha2_384;	return(ALGORITHMTYPE); }
461 hmac_sha2_512	{ YYD; yylval.num = algtype_hmac_sha2_512;	return(ALGORITHMTYPE); }
462 hmac_sha512	{ YYD; yylval.num = algtype_hmac_sha2_512;	return(ALGORITHMTYPE); }
463 des_mac		{ YYD; yylval.num = algtype_des_mac;	return(ALGORITHMTYPE); }
464 kpdk		{ YYD; yylval.num = algtype_kpdk;	return(ALGORITHMTYPE); }
465 md5		{ YYD; yylval.num = algtype_md5;	return(ALGORITHMTYPE); }
466 sha1		{ YYD; yylval.num = algtype_sha1;	return(ALGORITHMTYPE); }
467 tiger		{ YYD; yylval.num = algtype_tiger;	return(ALGORITHMTYPE); }
468 sha2_256	{ YYD; yylval.num = algtype_sha2_256;	return(ALGORITHMTYPE); }
469 sha256		{ YYD; yylval.num = algtype_sha2_256;	return(ALGORITHMTYPE); }
470 sha2_384	{ YYD; yylval.num = algtype_sha2_384;	return(ALGORITHMTYPE); }
471 sha384		{ YYD; yylval.num = algtype_sha2_384;	return(ALGORITHMTYPE); }
472 sha2_512	{ YYD; yylval.num = algtype_sha2_512;	return(ALGORITHMTYPE); }
473 sha512		{ YYD; yylval.num = algtype_sha2_512;	return(ALGORITHMTYPE); }
474 oui		{ YYD; yylval.num = algtype_oui;	return(ALGORITHMTYPE); }
475 deflate		{ YYD; yylval.num = algtype_deflate;	return(ALGORITHMTYPE); }
476 lzs		{ YYD; yylval.num = algtype_lzs;	return(ALGORITHMTYPE); }
477 modp768		{ YYD; yylval.num = algtype_modp768;	return(ALGORITHMTYPE); }
478 modp1024	{ YYD; yylval.num = algtype_modp1024;	return(ALGORITHMTYPE); }
479 modp1536	{ YYD; yylval.num = algtype_modp1536;	return(ALGORITHMTYPE); }
480 ec2n155		{ YYD; yylval.num = algtype_ec2n155;	return(ALGORITHMTYPE); }
481 ec2n185		{ YYD; yylval.num = algtype_ec2n185;	return(ALGORITHMTYPE); }
482 modp2048	{ YYD; yylval.num = algtype_modp2048;	return(ALGORITHMTYPE); }
483 modp3072	{ YYD; yylval.num = algtype_modp3072;	return(ALGORITHMTYPE); }
484 modp4096	{ YYD; yylval.num = algtype_modp4096;	return(ALGORITHMTYPE); }
485 modp6144	{ YYD; yylval.num = algtype_modp6144;	return(ALGORITHMTYPE); }
486 modp8192	{ YYD; yylval.num = algtype_modp8192;	return(ALGORITHMTYPE); }
487 pre_shared_key	{ YYD; yylval.num = algtype_psk;	return(ALGORITHMTYPE); }
488 rsasig		{ YYD; yylval.num = algtype_rsasig;	return(ALGORITHMTYPE); }
489 dsssig		{ YYD; yylval.num = algtype_dsssig;	return(ALGORITHMTYPE); }
490 rsaenc		{ YYD; yylval.num = algtype_rsaenc;	return(ALGORITHMTYPE); }
491 rsarev		{ YYD; yylval.num = algtype_rsarev;	return(ALGORITHMTYPE); }
492 gssapi_krb	{ YYD; yylval.num = algtype_gssapikrb;	return(ALGORITHMTYPE); }
493 hybrid_rsa_server {
494 #ifdef ENABLE_HYBRID
495 	YYD; yylval.num = algtype_hybrid_rsa_s; return(ALGORITHMTYPE);
496 #else
497 	yyerror("racoon not configured with --enable-hybrid");
498 #endif
499 }
500 hybrid_dss_server {
501 #ifdef ENABLE_HYBRID
502 	YYD; yylval.num = algtype_hybrid_dss_s; return(ALGORITHMTYPE);
503 #else
504 	yyerror("racoon not configured with --enable-hybrid");
505 #endif
506 }
507 hybrid_rsa_client {
508 #ifdef ENABLE_HYBRID
509 	YYD; yylval.num = algtype_hybrid_rsa_c; return(ALGORITHMTYPE);
510 #else
511 	yyerror("racoon not configured with --enable-hybrid");
512 #endif
513 }
514 hybrid_dss_client {
515 #ifdef ENABLE_HYBRID
516 	YYD; yylval.num = algtype_hybrid_dss_c; return(ALGORITHMTYPE);
517 #else
518 	yyerror("racoon not configured with --enable-hybrid");
519 #endif
520 }
521 xauth_psk_server {
522 #ifdef ENABLE_HYBRID
523 	YYD; yylval.num = algtype_xauth_psk_s; return(ALGORITHMTYPE);
524 #else
525 	yyerror("racoon not configured with --enable-hybrid");
526 #endif
527 }
528 xauth_psk_client {
529 #ifdef ENABLE_HYBRID
530 	YYD; yylval.num = algtype_xauth_psk_c; return(ALGORITHMTYPE);
531 #else
532 	yyerror("racoon not configured with --enable-hybrid");
533 #endif
534 }
535 xauth_rsa_server {
536 #ifdef ENABLE_HYBRID
537 	YYD; yylval.num = algtype_xauth_rsa_s; return(ALGORITHMTYPE);
538 #else
539 	yyerror("racoon not configured with --enable-hybrid");
540 #endif
541 }
542 xauth_rsa_client {
543 #ifdef ENABLE_HYBRID
544 	YYD; yylval.num = algtype_xauth_rsa_c; return(ALGORITHMTYPE);
545 #else
546 	yyerror("racoon not configured with --enable-hybrid");
547 #endif
548 }
549 
550 
551 	/* identifier type */
552 user_fqdn	{ YYD; yylval.num = IDTYPE_USERFQDN; return(IDENTIFIERTYPE); }
553 fqdn		{ YYD; yylval.num = IDTYPE_FQDN; return(IDENTIFIERTYPE); }
554 keyid		{ YYD; yylval.num = IDTYPE_KEYID; return(IDENTIFIERTYPE); }
555 address		{ YYD; yylval.num = IDTYPE_ADDRESS; return(IDENTIFIERTYPE); }
556 subnet		{ YYD; yylval.num = IDTYPE_SUBNET; return(IDENTIFIERTYPE); }
557 asn1dn		{ YYD; yylval.num = IDTYPE_ASN1DN; return(IDENTIFIERTYPE); }
558 
559 	/* identifier qualifier */
560 tag		{ YYD; yylval.num = IDQUAL_TAG;  return(IDENTIFIERQUAL); }
561 file		{ YYD; yylval.num = IDQUAL_FILE; return(IDENTIFIERQUAL); }
562 
563 	/* units */
564 B|byte|bytes		{ YYD; return(UNITTYPE_BYTE); }
565 KB			{ YYD; return(UNITTYPE_KBYTES); }
566 MB			{ YYD; return(UNITTYPE_MBYTES); }
567 TB			{ YYD; return(UNITTYPE_TBYTES); }
568 sec|secs|second|seconds	{ YYD; return(UNITTYPE_SEC); }
569 min|mins|minute|minutes	{ YYD; return(UNITTYPE_MIN); }
570 hour|hours		{ YYD; return(UNITTYPE_HOUR); }
571 
572 	/* boolean */
573 yes		{ YYD; yylval.num = TRUE; return(BOOLEAN); }
574 no		{ YYD; yylval.num = FALSE; return(BOOLEAN); }
575 
576 {decstring}	{
577 			char *bp;
578 
579 			YYD;
580 			yylval.num = strtol(yytext, &bp, 10);
581 			return(NUMBER);
582 		}
583 
584 {hexstring}	{
585 			char *p;
586 
587 			YYD;
588 			yylval.val = vmalloc(yyleng + (yyleng & 1) + 1);
589 			if (yylval.val == NULL) {
590 				yyerror("vmalloc failed");
591 				return -1;
592 			}
593 
594 			p = yylval.val->v;
595 			*p++ = '0';
596 			*p++ = 'x';
597 
598 			/* fixed string if length is odd. */
599 			if (yyleng & 1)
600 				*p++ = '0';
601 			memcpy(p, &yytext[2], yyleng - 1);
602 
603 			return(HEXSTRING);
604 		}
605 
606 {quotedstring}	{
607 			char *p = yytext;
608 
609 			YYD;
610 			while (*++p != '"') ;
611 			*p = '\0';
612 
613 			yylval.val = vmalloc(yyleng - 1);
614 			if (yylval.val == NULL) {
615 				yyerror("vmalloc failed");
616 				return -1;
617 			}
618 			memcpy(yylval.val->v, &yytext[1], yylval.val->l);
619 
620 			return(QUOTEDSTRING);
621 		}
622 
623 {addrstring}	{
624 			YYD;
625 
626 			yylval.val = vmalloc(yyleng + 1);
627 			if (yylval.val == NULL) {
628 				yyerror("vmalloc failed");
629 				return -1;
630 			}
631 			memcpy(yylval.val->v, yytext, yylval.val->l);
632 
633 			return(ADDRSTRING);
634 		}
635 
636 <<EOF>>		{
637 			yy_delete_buffer(YY_CURRENT_BUFFER);
638 			incstackp--;
639     nextfile:
640 			if (incstack[incstackp].matchon <
641 			    incstack[incstackp].matches.gl_pathc) {
642 				char* filepath = incstack[incstackp].matches.gl_pathv[incstack[incstackp].matchon];
643 				incstack[incstackp].matchon++;
644 				incstackp++;
645 				if (yycf_set_buffer(filepath) != 0) {
646 					incstackp--;
647 					goto nextfile;
648 				}
649 				yy_switch_to_buffer(yy_create_buffer(yyin, YY_BUF_SIZE));
650 				BEGIN(S_INI);
651 			} else {
652 				globfree(&incstack[incstackp].matches);
653 				if (incstackp == 0)
654 					yyterminate();
655 				else
656 					yy_switch_to_buffer(incstack[incstackp].prevstate);
657 			}
658 		}
659 
660 	/* ... */
661 {ws}		{ ; }
662 {nl}		{ incstack[incstackp].lineno++; }
663 {comment}	{ YYD; }
664 {semi}		{ return(EOS); }
665 .		{ yymore(); }
666 
667 %%
668 
669 void
670 yyerror(char *s, ...)
671 {
672 	char fmt[512];
673 
674 	va_list ap;
675 #ifdef HAVE_STDARG_H
676 	va_start(ap, s);
677 #else
678 	va_start(ap);
679 #endif
680 	snprintf(fmt, sizeof(fmt), "%s:%d: \"%s\" %s\n",
681 		incstack[incstackp].path, incstack[incstackp].lineno,
682 		yytext, s);
683 	plogv(LLV_ERROR, LOCATION, NULL, fmt, ap);
684 	va_end(ap);
685 
686 	yyerrorcount++;
687 }
688 
689 void
690 yywarn(char *s, ...)
691 {
692 	char fmt[512];
693 
694 	va_list ap;
695 #ifdef HAVE_STDARG_H
696 	va_start(ap, s);
697 #else
698 	va_start(ap);
699 #endif
700 	snprintf(fmt, sizeof(fmt), "%s:%d: \"%s\" %s\n",
701 		incstack[incstackp].path, incstack[incstackp].lineno,
702 		yytext, s);
703 	plogv(LLV_WARNING, LOCATION, NULL, fmt, ap);
704 	va_end(ap);
705 }
706 
707 int
708 yycf_switch_buffer(path)
709 	char *path;
710 {
711 	char *filepath = NULL;
712 
713 	/* got the include file name */
714 	if (incstackp >= MAX_INCLUDE_DEPTH) {
715 		plog(LLV_ERROR, LOCATION, NULL,
716 			"Includes nested too deeply");
717 		return -1;
718 	}
719 
720 	if (glob(path, GLOB_TILDE, NULL, &incstack[incstackp].matches) != 0 ||
721 	    incstack[incstackp].matches.gl_pathc == 0) {
722 		plog(LLV_ERROR, LOCATION, NULL,
723 			"glob found no matches for path \"%s\"\n", path);
724 		return -1;
725 	}
726 	incstack[incstackp].matchon = 0;
727 	incstack[incstackp].prevstate = YY_CURRENT_BUFFER;
728 
729     nextmatch:
730 	if (incstack[incstackp].matchon >= incstack[incstackp].matches.gl_pathc)
731 		return -1;
732 	filepath =
733 	    incstack[incstackp].matches.gl_pathv[incstack[incstackp].matchon];
734 	incstack[incstackp].matchon++;
735 	incstackp++;
736 
737 	if (yycf_set_buffer(filepath) != 0) {
738 	      incstackp--;
739 	      goto nextmatch;
740 	}
741 
742 	yy_switch_to_buffer(yy_create_buffer(yyin, YY_BUF_SIZE));
743 
744 	BEGIN(S_INI);
745 
746 	return 0;
747 }
748 
749 int
750 yycf_set_buffer(path)
751 	char *path;
752 {
753 	yyin = fopen(path, "r");
754 	if (yyin == NULL) {
755 		fprintf(stderr, "failed to open file %s (%s)\n",
756 			path, strerror(errno));
757 		plog(LLV_ERROR, LOCATION, NULL,
758 			"failed to open file %s (%s)\n",
759 			path, strerror(errno));
760 		return -1;
761 	}
762 
763 	/* initialize */
764 	incstack[incstackp].fp = yyin;
765 	if (incstack[incstackp].path != NULL)
766 		racoon_free(incstack[incstackp].path);
767 	incstack[incstackp].path = racoon_strdup(path);
768 	STRDUP_FATAL(incstack[incstackp].path);
769 	incstack[incstackp].lineno = 1;
770 	plog(LLV_DEBUG, LOCATION, NULL,
771 		"reading config file %s\n", path);
772 
773 	return 0;
774 }
775 
776 void
777 yycf_init_buffer()
778 {
779 	int i;
780 
781 	for (i = 0; i < MAX_INCLUDE_DEPTH; i++)
782 		memset(&incstack[i], 0, sizeof(incstack[i]));
783 	incstackp = 0;
784 }
785 
786 void
787 yycf_clean_buffer()
788 {
789 	int i;
790 
791 	for (i = 0; i < MAX_INCLUDE_DEPTH; i++) {
792 		if (incstack[i].path != NULL) {
793 			fclose(incstack[i].fp);
794 			racoon_free(incstack[i].path);
795 			incstack[i].path = NULL;
796 		}
797 	}
798 }
799 
800